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o ig iUfc -9" 7 X r A^n^'ftti, (1 1 6 ) L T*#* S"J 7;Wfc L> »J 

- X 7" P -b X «r )1 U T tit fig £ ft ® -T 3 C £ W X' * 5 . S 6 (C , P - if - (1 1 6 ) « IS 
BWD-K/7>n-K*HfTL, ffl 4 O SPS <D IS * * ffi * £ ft Hi T * - © & « 12 $ tc t 
§ C t ft T- * 3 
[0019] 

U V s X h y t ft fig 20 
77°y >r->y 3 y*S. t < »ff«*4ica:, «4ft»©«Uaill«at&ETifeS. 77yy 
-^Hy^*<a*fl*«j*Cfc^T»#**«U3-K©»tt, -tr p S> & I 1 © IE B fc J: 
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;!/ ( w i n . i n i 43 =fc system, i n I ) KWINDOWS ( 

g 8 ffi fl( ) ¥SYSTEMf-f l/H'JIl, J/^-v'ay^^/'jy-faySWO 
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OPERATING SYSTEM ABSTRACTION AND PROTECTION LAYER 

This application is a conlimuticm-in-pnit of U.S. Patent Application. No. 

09/456,181 ' , the entirety of which is incorporated herein by reference as if folly 

set forth. 

Tho present invention relates to computer software, raid more particularly to 
operating system software. 

BACKGROUND OF THE INVENTION 

In many environments, but particularly fa environments where an application b 
delivered via a network, the most important feature a mi ability to ran applications on the fly, 
without a corupfax mstaDatioiL Typically, in certain prior art Byrtans, great paing were taken 
to modify a cEent system to appear as if a program was installed, or to actoalJy install the 
software bself, and then back oat these mcdificatians to restore the original cwfiguration. In 
doing this, multiple problems present themselves conflicts between an application and the 
cmnputer'B current c«nfiginatxm, multiple instances of the same or different appficatkms, 
complexity of the back out process reouires an application m be ptf to 
to ensure aS of its raxUricatiooa can be accounted for. and the use of shared fflci and system 
components by multiple appbeatfans compUcates back cut and thefastauation process. 
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SUMMARY OF THE INVENTION 

The present invention provides t system fin creating in application software 
enyifonmsnt with out changing tn operating system of a client computer, the system 
comprising an operating system abstraction and protection layer, wherein said abstraction 
and protection layer is interposed "between o running software application and said 
operating system, whereby a virtual environment in which an application may ran is 
provided and application level interactions are substantially removed. Preferably, any 
changes directly to the operating system are selectively made within the context of the 
i unitin g application and the abstraction and protection layer dynamically change* the 
virtual environment according to administrative settings. Additionally, in certain 
embodiments, the system continually monitors the use of shared system resources and 
acts as a service to apply and remove changes to system component*. 

Thus, for example, in embodiments within Windows-based operating systems, 
and wherein aO operations to the Windows Registry are through the Win32 API, the 
system preferably provides a means Cor hooking functions, whereby each time said 
functions are invoiced another function or application intercepts the call, and the system 
most preferably hooks each appropriate API fcnctioa to service a request whether made 
by an application run from a server or if made by an application against a configuration 
key being actively managed 

In other preferred embodiments of the present mvesaion, additional functionality 
is provided, such as those embodiments wherein the operating system abstraction and 
protection layer manages the integration of multiple fnictr^T* of an application by 
recognizing how many instances of on application ore running, and in such embodiments 
most preferably it also avoids making changes on startup and shutdown unless there Is 
oniy one application instance running. In this enmodiment it is also possible to support 
multi-user operating systems in which multiple instances of an application can be running 
on behalf of different users. 
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Tbus, the operating system abstraction and protection layer presents in 
environment to an spplicarion that appears to be an installation environment without 
performing an installation, whereby a 'pseudo installation ** Is created fa which all of the 
settings are brought into a virtual environment at the time the application runs. Or in the 
case of an installed application, acts to dynamically modify the behavior of the 
application at run-time. Preferred embodiments provide a means far preventing 
information on the client computer from bterfering or modifying the behavior of an 
application, and roost preferably provide a means for dynamically nh*ng*ng the virtual 
environment according to administrative settings. Aa mentioned above, in certain 
embodiments it will be possible to have more than one instance of a single software 
application running on the same client computer, even if it was not originally authored to 
do so. In socb embodiments, shared, controlled c onte xts are provided in which at least 
two of said instances of a single appGcation share one or more virtual settings. ■ 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram schematic showing the relative relationship of the present 
invention, an o periling system and a software application^ 

FIG, 2 is a block diagram schematic showing 

FIG. 3 is a block, diagram schematic showing 

FIG. 4 is a block diagram schematic showing 
PETAiLED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Referring now to FIG 1, there is illustrated a block diagram schematic showing the 
relative relationship of the present invention, an operating system and a software application. 
Preferred ernbodiments of the present invention provide an operating system abstraction and 
protection layer 100 denominated an "Operating System Guard.*' Internally, many operating 
systems 10 provide fault domains to protect applications 50 from affecting each other when 
ran. However, shared system resources and marry other operating system features aDow this 
protection domain to be compromised. An operating system abstraction sod protection layer 
100 wul provide an additional, ^grammatically controlled barrier between applications 50 to 
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remove most application level mtoactiims. Imposed between the application 50 and operating 
system 10 the operating system abstraction and protection layer 100 selectively aDowa 
changes directly to foe operating system 10, versus containing the change within the context of 
the nmning sppEcation. For one example, is Windows-based systems, all operations to the 
Windows Registry are typically done through the Win32 API Aj explained bdow, system 
fractions like QueryRegEx and GetProfiloString can be hooked so that each time they arc 
invoked, another function or eppucation intercepts the call. The Operating System Guard 100 
of the present invention win hook each appropriate API America to service the request, if 
made by an application being actively managed or if made by an application against 8 
configuration kern being actively managed, fa this way, unless capBatiy configured to do so, 
the present invention can create the application environment without making any actual 
changes to the end-user* s system Also, any modifications made at nm-time by the 
application can be persisted or removed easily. 



As used harem the torn "Operating System Guard" defines a layer between a 
nmning application and the operating system of a target computer or cfient computer that 
provides a virtual cavironiacm in which on application may run. This virtual 
environment has several purposes. First, it prevents a nmning application from making 
changes to the client computer. If an application attempts to change underlying operating 
system settings of a client computer, such settings am protected and only "made" in the 
virtual environment For example, if an application attempts to change the version of a 
shared object like MSVCRTJDLL, this change is localized to the application and the code 

Second, the invention presents an environment to a running application that 
appears to be an installation environment without performing an installation, and is thus a 
"pscudo installation" or "rosuEatiaD-Iikc." AO of the settings are brought into a virtual 
environment at the time the application being served runs, m jost-m-time when the 
application needs the particular setting. For example, if a coin; inter program such as 
Adobe Photoshop® expects to sec a set of Windows Registry entries under 
HKjTy r _UX^_MACHINF^on^vare\Adobe and they are not there on the cfient 
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computer since Photoshop -was never instilled, a system made in accordance with this 
aspect of the present invention will "show" those registry entries to the Photoshop 
programming code exactly as if they were resident on the client oompptcr. 

Next, the invention prevents information that may exist on the client/a sera . 
machine from interfering with or modifying the behavior of an application. For example, 
if the user has already existing registry entries under: 

HKEY_I^CAL_MACHINEVSo£rwareVAdobe 
Jor an older version ofPhotoshop, but now wishes to operate a newer version, these 
entries can be hidden from the new application to prevent conflicts. 

Finally, the present invention unlocks application behavior that may not exist as 
the application is currently written. It docs this through the ability to dynamically change 
the virtual environment according to admin i«trative settings. For example, m a typical 
instance of an enterprise software application, a client application may expect to read a 
setting for the address of the database to which the user should connect from a setting in 
the registry. Because this registry key is often stored in HKEY_LOCAL_MACHINE, the 
setting is global for the entire client computer. A user can only connect to one database 
without reinstalling the chent, or knowing bow to modify this registry key, and doing so 
each time they wish to run the application. However, by implementing the present 
■invention, two instances of the application may now run on the same client computer, 
each connecting to a different database. 



CONTEXTS 

m providing this fimaionafity, each application is able to run in a private context 
within the system. To the application, it has its own private view of what the system 
looks like and its behavior. The present invention provides this by its i n he rent nature. 
Referring to FIG. 2, two separate applications 52,54, or two instances of the same 
application (50 illustrated in FIG. IX can be provided private contexts in which they will 
appear to have separate or differing copies of system services, configuration and data. In 
the preferred ernbodiroemt, this is the default behavior of the system 
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By exteridmg this concept, tho Operating System Guard 1 00 of the present 
invention ceo also provide shared, controlled contexts in which two nr more applications 
52,34 can share some or all of their virtual settings. This is important for application 
suites such as Microsoft Office, or for applications that perform differently in the 
presence of other applications. For example, many epp Heat it ins use Microsoft Word as 
mi engine- for doing Mail Merge or document creation functionality. The application 
must know about the installation or presence of Word and be able to tap into its 
functions. In the preferred embodiment, two instances of the same application will share 
a single context by default, while two separate applications will maintain private 
contexts. Referring to FIG. 3, the two applications 52,54 can run while the Operating 
lystem Guard 100 provides a shared view of the available system resources, 

)ESIGN 

As fllostratcd in FIG. 4, the Operating System Guard is comprised of the 
b Ho wing subsystems: core 102, configuration manager 104, file manager 106; shared 
>bjecl manager 108, device manager 110, font manager 112, process manager 120, 
process environment manager 114, loader 116, and recovery manager 118. With the 
axeption of the core 102, the process manager 120, and the loader 116, all other 
ubsystems are elements of the VhtuaEzalion System described in further detail below, 
the core 102 is primarily responsible for managing opplications and their context as 
lefined by the configuration files. 

The process manager 120 provided by the Operating System Guard allows the 
ore 102 to be informed of any process or thread event that may be of interest. It also 
irovides an abstraction layer to the operating system-dependent implementations for 
rmnagjng a process space and handling thread processing. Processes may be grouped 
ogether into application bundles. An application bundle is a group of processes which all 
hare their virtual resources with each other. For example, Microsoft Word and Microsoft 
yccel may want to share the virtual registry and virtual file system to be able to work 
ogether 'as an application suite. The process manager 120 calls these application bundles 
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"applications". The information about an application exists until the process manager 120 
is (old to release the application. If another process needs to be loaded into the application 
bundle, it may do so as long as the application has not been released 

The loader subsystem 1 1 6 of the present invention is used to allow virtual 
environments to bo transferred Into and out of the running system. Each of die 
Visualization Subsystems is capable of serializing its configuration for the loader 116, 
and retrieving it through the reverse process. In addition, the loader 1 16 is capable of 
staged loading/unloading and combining the results of ^dividual stages into one single 
envir onm e nt description. 

REGISTRY AND CONFIGURATION 

Applications require varying amounts of configuration information to operate 
properly. Anywhere from zero to thousands of configuration records exist for which an 
application can read its configuration On Windows, there are two common places for 
configuration information, the Windows Registry and system level initialization files 
win_rni and system. mi. In addition, the \WINDOWS\SYSTEM directory is a cwmnon . 
place for applications to write application specific configuration or initialization files. 
Applications will also use configuration or data files in their local application directories 
to store additional configuration information. Often this Information is difficult to deal 
with, os it is in a proprietary format. On platforms other than Windows, there is no 
equivalent of the Registry, but common directories exist for configuration information. X 
Windows has an app -defaults directory. Macintosh has the System Folder, and other 
operating systems will have corresponding element*. Tt is important to note thai on most 
UNIX systems, each individual application 52,54 will most often store its own 
configuration 152, 154 locally, as seen in FIG. 2. 

The present invention, in one embodiment, includes a virtual Windows Registry 
component, which will provide a foil function registry to an application, but prevent 
modification to the underlying system registry. AH keys that an appKcation expects to 
access will be present, but may only exist in the virtual registry. In this way, the 
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Operating System Guard 100 of the present invention and the Windows Registry form 9 
two-stage process far accessing the registry. If an application needs access to ■ key, it 
wiD query the Registry. The Operating System Guard will respond with tho ley and its 
value if it knows it. Otherwise, it wflurjow the request to pass through to tie Windows 
Registry. If an attempt is made to modify the value, the Operating System Guard wiD 
«Dow the modification to occur to itself only. The next time the application accesses tho 
key, it will be present in the Operating System Guard and the request will not Bow 
through to the real Registry, leaving it untouched. 

' The keys that the Operating System Guard uses are specified in three separate 
section a. These Operating System Guard keys are specified as commands in these 
sections to modify an existing key, delete the presenoo of a key, or odd a new key to the 
registry. In this way, the virtual registry can appear exactly as the system intends. This is 
important as tho presence or absence of a key can be as important as tho actual vshje of 
the key. 

In the preferred embodiment, the Operating System Guard first bads a data file 
that contains basic registry entries for the npph'cathm. Then a second data file is loaded 
that contains the user's preferences. Finally, the Operating System Guard can optionally 
load a set of keys that include policy hems that the user b not allowed to override. The 
three files load on top of each other whh duplicate hems in each file overriding hems in 
the file before ft. The first time a user runs an application, the second data file will not 
exist because there will be no user-specific information, only application defaults. After 
each session, though, the Operating System Guard will save the user's changes, 
generating that second data file for use in future sessions. 

Configuration files can be modified in two ways. First, the file can be edited 
directly by an application, m this scenario, the Operating System Guard File subsystem 
described below will address the modification made to the file. Second, in the preferred 
embodiment, an application can call tho Windows API family of calls GetProfilcString, 
WriteProfileStriug, or others to modify these files. In this case, the Operating System 
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Guard of the present invention performs exactly as described above intercepting these 
calls and servicing them from within. 

SHARED OBJECTS 

Many companentt used by operating systems and running applications are shared 
across several applications or instances. Id general, this is a very good idea. It saves disk 
space, not requiring many copies of the same file, ft also provides the ability for 
operating system vendors and third parties to create and distribute libraries of commonly 
used code. On the Windows pisiform. Dynamic Link Libraries, DUa arc often shared 
within and across applications. On other platforms, the problem t.i the same. On the 
Macintosh, INTTs and other systom components are loaded for applications. These 
components cao have many versions, of which only one is used at a time. On UNIX 
systems, dynamic shared objects, e.g., ".so" library files, are used by applications to 
speed load time, save disk f$> ace, and for other reasons. Many programs use the default 
Tibcsa" However, this library file is typically a symbolic fink to seme version of itself 
such as bbc.so.3. m practice, this feature has created havoc. These shared components 
have often gone through revision, with many versions of the same component available to 
be b stalled. Application authors have found their software to work with potentially only 
one or some of the versions of the shared component. Thus, in practice, applications 
typically install the version they desdre. overwriting other present versions. This 
potentially causes deftuhs in other applications running on a system. 

On Windows 98, Windows 2000, Microsoft has created the Windows Protected 
Hie System (WPFS) to allow system administrators to create a file called 
XXXX. LOCAL in the base directory of an application, where XXXX is the executable 
filo name without the extension. This causes the Windows Loader to after its method of 
resolving path reterences during Loadlibmy executions. This, however, is not sufficient 
to completely solve the problem. First, setting up the XXXX file is left to the knowledge 
of the system administrator, which varies widely. Second, a component version must 
undergo a rewind back to the original, then install this component in the local directory, 
and then create the "LOCAL" file. This is not s straightforward process for any but tho 
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most basic components placed id WINDOW SVSiYSTEM. Also, this solution does not 
cover all of the needed functionality. Daring LoadLibrny, Windows uses different pith 
resolution semantics depending on whether (he component was resolved as a result of an 
explicit or imphcit LoadLibrary, and also whether a Registry Key exists indicating that it 
is a named, or. wefl-fanrwn, DLL ia. this case, the LoadLibrary call will always resolve 
to the WINDOWSVSYSTEM directory. 

DLLs and other shared components also retain reference count semantics to 
ensure that a component is not touched unless no running applications refer to it In 
practice, only applications from the operating system vendor and the operating system 
itself have done a good job of obeying this protocol 

As a general rule, it is desired to have a shared object always resolve to the 
correct component To provide this functionality it is required to understand the version 
of a component, or range of versions, that en application is able to function with. Then, 
when the application is to be run, the present invention should ensure that the component 
is resolved correctly. It is acceptable, in the present invention, to automate the use of 
WFFS or other operating system provided capsbDity, if desired, m this case, it is 
necessary to detect needed components and placo them in the local file system This is 
more complex than just watching installation, as an mstaQatjon program will often not 
install a component if the required one is already there. 

It is desired to identify a method to ensure that named objects are also loaded 
correctly. On the Windows platform, MSVCRT.DLL is a significant culprit within this 
problem area. If multiple versions of this object are maintained, too aforementioned 
Registry key can be dynamically changed, allowing the LoadTibriry function to resolve 
the correct component version. Another reasonable method of ensuring correct 
component loading is the dynamic editing of a process environment to use a valid search 
path. This search path will ensure that a local component is resolved before -a system 
wide component. Another possible method for resolution of the correct shared object is 
through the use of symbolic links. A symbolic link can be made for a shared component, 
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which is resolved at run-time by the computer's file system to the needed component 
Finally, the actual open/read/close reqnestB for information from a shared object'! file 
can be intercepted by the present invention and responded to dynamically for the correct 
version of the file which may exist on the local system or within the invention's 
subsystems. 

Several special forms exist. On the Windows platform, OLE, ODBC, MDXc, ... 
as well as a number of other vendor specific components, are written to be shared 
globally among several or all running processes. In the case of OLE, going as Car as 
sharing data and memory space between separate processes. OLB prevents more than 
one copy of itself running ct a time, as do many of these components OLE also has 
many bugs and features requiring a specific version to be loaded for a specific 
application. In the present invention, an application is able to load whatever version of 
OLE is required, afll enabling the shared semantics with other components using the 
same version of OLE. 

In general, unless specifically configured as such, shared objects should be loaded 
privately to ensure conflict prevention. Nothing about the method used to allow o 
component to be loaded privately should prevent it from being unloaded cleanly or 
correctly loading for another software application, whether being actively managed by 
me Operating System Guard or not. In addition, if the system crashes it is required to 
recover from this crash to o clean state, not having overwritten or modified the 
underlying operating system, 

hues 

Many applications use data files within the application to store configuration 
entries or other application data. The present invention provides a virtual file system 
much like the virtual registry described above. Before the application starts, the present 
invention can load a list of file system changes, including files to hide and files to add to 
the virtual environment or files to redirect to another within the virtual environment. 
Whenever the application accesses or modifies any files, the Operating System Guard 
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checks if the file mast be redirected, end if so, in the preferred embodiment redirects the 
request too location specified in the Operating System Guard configuration. 

If an application tries to create a new file or open on existing file for writing on a 
user's local drive, the Operating System Guard must ensure that the file is actually 
created or modified in the redirected location. If the application is reloaded at a later time, 
this file mapping most be reloaded into the Operating System Guard virtual environment. 
When the request is to modify on existing file, which resides an a user's local drive, the 
Operating System Guard must copy the file in question to the redirection point before 
cemtmuing with the request. The redirected files may not be of the same name as the 
original file to ensure safe mapping bf file paths. In the preferred embodiment, INI files 
ere handled in this way to offer maximum system security while allowing maximum 
application compatibility. 

The present hrvention is particularly useful for applications delivered over a 
network. In such implementations it is important to understand that software applications 
axe made, of several kind* of data, where the bulk of the files a software application uses 
ore most preferably mounted on a separate logical drive. Configuration, including bath 
file based and registry based, can be user specific and system wide. The application 
delivery system used should mark each file for which of these types any file is. This 
informal km provides hints to the Operating System Guard system to act on appropriately. 

D EVICE DRIVERS 

Many applications use device driven or other operating system. level software to 
implement some of its functions such as hardware support or low levfcl interactions 
directly with the operating system In the present invention, the Operating System Guard 
will provide the capability of dynamically, and as possible privately, adding and 
removing these components to an application's virtual environment:. 



Many device drivers are built to be dynamically loadable. IT at dU possible, h is 
the preferred embodiment to load all device drivers dynamically. If a device driver 
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requires static load at boot time, tho user must be presented with this knowledgo before 
running tho application. Odds the system baa rebooted, the application should continue 
from where it left off. However, a large percentage of device drivers arc not dynamically 
unto ridable. Although it is preferred to dynamically unload the driver, if this cannot be 
accomplished the driver wQl be marked for removal on the next reboot, and the user 
should be made aware of this. If toe application is ran a second time before the next 
reboot, the system should remain aware of the presence of the driver and not attempt a 
second installation, waiting for termination to remade the component removable at next 
reboot 

It is important to characterize the base similarities and differences, be they wrist 
for each device driver class, to ensure the present invention can correctly fraction. Bis 
not truly desired to toad and unload device drivers For system hardware that is constantly 
present. . It should be understood thai although tins is not a preferred erobodimentm 
terms of programming ease, it is within the scope of tho present invention and may be 
required far specific reasons, soxh as tho restriction in licensing agreements for 
applications that are delivered and run using foe present invention. 

Chi noo- Micro soft platforms, device drivers are typically handled very differently. 
Macintosh systems support both static and dynamic drivers, but they are eU installed and 
removed through the same method. Unking with the Macintosh system folder will 
provide the necessary support. For UNIX systems, device drivers most typically require 
a modification to the running UNIX kernel, followed by a reboot This process can be 
very complex, in the preferred embodiment, this preccaw in automated; including 
resetting the kernel once the application is complete. The general parameters of the 
process are the same as that described above for Windows applications, the actual process 
steps of compilation and persons familiar with such operating systems can carry out 
reboot 
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Finally, those of drill in the art will understand that h is desirable to be able to 
recover and remove drivers across system failures. Whatever data or processes necessary 
to retain system integrity are therefore a preferred cmbodrtnent of the present invention. 
Those of skill in the art will also appreciate that all types of device drivers might not be 
conveniently or efficiently provided via the present invention, most particularly those 
associated with permanent hardware attached devices. 

OTHER ITEMS 

m the present invention, h is recognized that there are 6ovexal components of the 
invention, the behavior or presence of which is different on alternate operating systems. 
These components include fonts, processes, environment variables, and others. 

Some applications require foots to bo installed in order to perform correctly. Any 
fonts required will be specified fn the Operating System Guard's contiguratian file The 
Operating System Guard will enable these fonts prior to running the application and if 
necessary remove them ■fterwards Most systems have a common area for storage of 
fonts m addition to a process for registering mem or making the system aware of their 
presence, the Operating System Guard will utilize these available methods 

On Windows, a font is copied to the \wTNDOWS\FONTS directory. This 
however does not guarantee that the font is available to the running program. In the 
prof erred embodiment, if the program uses the Windows API to access fonts, the font wiD 
need to be registered with a Win32 API caO such as CreatoScsIableFonUXesource/ . 
AddFoutResonrce. This will insert the font into the system font table. Once complete, 
the Operating System Guard can remove (he font with another appropriate API call like 
KemoveFontResrmrce, then remove the file from the system As an sham ate . 
embodiment, the Operating System Guard could hook the API function s as described in 
the virtual registry method In addition, the Operating System Guard can use its File 
subsystem to avoid placing the actual font file m the running system. 



On Macintosh, the process is extremely similar and based on files hi the 
Macintosh system folder and registration activation. On UNIX, however, the process is 
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dependent upon the application. Most typically, font resources are added to the system as 
regular files resolved in the- proper location, so they can be accessed by name. With 
many Motif systems, a font description needs to bo placed Into a font resource file, which 
w21 allow die font to he resolved. The Motif or X ippfication can invoke the font either 
through the resolution subsystem or by a direct caE Recently, many Motif and CDB 
based systems utilize Adobe scalable postscript fonts. These fonts need to managed 
through the Adobe type management system. There arc exceptions, however, and as 
stated ■hove, there are alternates to the Windows or other operating system default font 
management systems. The Adobe Type Manager provides some alternate interfaces for 
this process, as do other third party type management systems. In most cases it should be 
decided whether to support the interlace or ignore it. The purpose of Operating System 
Guard is not to provide l universal layer for all these systems, only to do so for the 
operating system's own subsystem 

Many applications require enviromnent variables to be set This is most common 
. on UNIX systems, but is also heavily used by software, which was originally written on 
UNIX and ported to the Windows operating systems. Applications on the Windows 
operating systems heavily rely on the DOS PATH environment variable and often set 
their own application specific entries. On the Windows 9x/Mo environments, there are 
many eirvrnmment settings, which are applicable as at its core is the DOS subsystem. If 
an application rwpurcs the presence of specific variables, or values to be set hi existing 
. environment variables, the required environment variables will be specified in the 
Operating System Guard's configuration file. The Operating System Guard will set these 
variables for the application's main process when ft is launched. As applications do not 
typically chango environment settings as they operate, the virtual environment will not 
trap these calls, nor will it provide the ftiO complement of functionality that the registry 
and configuration subsystem does. 



RECOVERY 

m some cases shown in the previous sections, actual modifications rrmst be made 
to the operating system This is Sequent with device drivers and fonts. In addition, 
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changes can he made to the virtual environment that need to be persisted and available 
the next time an application is run It is required thai the Operating System Guard system 
be able to recover from changes to tho system, removing the change from the system at 
its earliest possible opportnmty. Alternately, tf tho system crashes during an 
application's execution, the Operating System Guard should track enough reformation to 
remove any change to the system if it is rebooted or otherwise, and should trade the 
changes made to the virtual environment. In the preferred embodiment, this is 
implemented as a transaction log, but can in other embodiments be done as some other 
similar component, which can be read on system startup so that changes can be backed 



CONTROLLING \TBTUALIZATION 

An important aspect of the invention relates to control of the many &ccts of 
virtualization which the Operating System Guard is capable of m the preferred 
embodiment there exists an instrumentation program able to ascertain the correct aspects 
of a software system to control. Also included ia a method to allow adinittistrators and 
end users to view and modify those items to be virtu alized by the system. 

In the automated program, the application to be controlled is observed in order to 
gauge tho aspects of control The automated program is capable of performing this task 
during the rastnlLntton process of the application, during run-time of the application, or a 
combination of both, m the preferred embodiment, the Operating System Guard is 
embedded in a wrapper application. Post installation, or after one or many uses of the 
software, the wrapper application will query the Operating System Guard for a detailed 
list of all of its actions. From this list of actions, the wrapper application win create the 
configuration files required to load and operate the Operating System Guard an 
subsequent uses. 

If used as pan of the installation process, the Operating System Guard, in the 
preferred embodiment, wifl act as a virtual layer allowing the installation to be entered 
into its environment only. After the installation, all of the filea, settings, et. al can be 
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dumped for reload later. Id this way, the installation will leave the original system intact 
and will have automatically created die necessary configuration filea When used during 
use of the application, the Operating System Guard is able to record either differential 
modifications to the envi nnunem^ or recodify the configuration 

The Operating System Guard will pass its information to the -wrapper application 
for post-processing m the preferred embodiment, in addition to me automatic entries 
mat the system can create, the 'wrapper application Is programmed with operating system 
specific and application or domain specific knowledge. This knowledge is used to alter 
the output of the process to reflect known nses of configuration Hems or other entries. Io 
the preferred embodiment, a nil eft-based system is employed to compare observed 
behaviors with known scenarios in order to effect changes to the coding 

The wrapper application is also used as a viewer and/or editor for the 
configuration output of the process. This editor, in the preferred embodiment, enables a 
system administrator to add, edh, or delete items or groups of items from the 
configuration. In observing the configuration through the editor, the administrator can 
also make replicas of the configuration, changing specific items as needed to effect 
application level or user custom changes 



Referring now to FIG. L, an embodiment of the present invention is illustrated 
functionally. In this embodiment, two seta of application/user data 60 are illustrated 
The Operating System Guard 1 00 keeps the two instances of the application 50 from 
interfering with one another. In addition, as explained above, tho operating system guard 
' 100 serves an an abstraction layer and as such collects commands and communications 
between the application software SO and the actual operating system 10 of the client 
computer. As illustrated graphically by the arrows, certain commands are between the 
Operating System Guard and the software application, this is in distinction to typical 
installations where these commands would instead be acted upon by the operating system 
itself resulting in changes to the client computer that might not necessarily be what the 
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operator intended. On the other hand, other commands pass through the Operating 
System Guard and are men transferred to the Operating System itself 

While this invention has been particularly shown and described with references to 
preferred embodiments thereof it will be understood by those dulled m the art that 
various changes in form and details may be made therein without departing from the 
scope of the invention encompassed by the appended clahns. 
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1. A system fbr creating an application software environment without changing an 
operating system of a client computer, the system comprising an operating system 
abstraction and protection layer, wherein said abstraction and protection layer is . 
interposed between a running software application and said operating system, whereby a 
virtual environment in which an application may run is provided and application level 
interactions are substantially removed. 

1. The system of claim 1, wherein changes directly to the operating system are 
selectively made within the context of the naming application. 

J, The system of claim 2, wherein the abstraction aud protection layer dynamically 
changes the virtual environment according to administrative settings. 

4. The system of claim 1 , wherein the system cotrdaoaUy monitors the use of shared 
system resources and acts as a service to apply and remove changes to system 
components, 

5. The system of claim 1 , wherein the operating system U a Windows-baaed operating 
system, and wherein all operations to tho Windows Registry and .iai files are through the 
Win32 API, the system further comprising a means for hooking functions, whereby each 
time said functions are invoked another function or application intercepts the call 

6. The system of claim 5, wherein the system hooks each appropriate API function to 
service a request whether made by an application run from a server or if nude by an 
application against a configuration key being actively managed 



7. "The system of claim 1, wherein said operating system abstraction end protection layer 
manages the integration of multiple in stances of an application by recognizing how many 
instances of an application are running. 
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8. The system of claim 7, wherein said operating system obstruction and protection layer 
avoids making changes on startup and firm down unless tlere is only one application 
instance r unnin g. 

9. The system of claim I, wherein said operating system abstraction and protection layer 
presents an envrranincnt to on ipph'catian that appears to be an installation enviroprocnt 
without performing an installation, whereby a "pseudo installation" is created in which 
aD of the settings are brought into a virtual errvironmcnt it tho time the application runs. 

10. The system of claim 9, further comprising a means for preventing information on the 
client computer from interfering or modifying the behavior of an application. 

1 1: The system of claim 9, farther comprising a means for dynamically changing the 
virtual environment according to administrative settings. 

11 The system of claim 9, wherein more than one instance of a single software 
application runs on the same cHant computer, and wherein each of said more than one 
instance connects to a different database 

13. The system of claim 12, wherein shared, controlled contexts ire provided in which at 
least two of said instances of a <mgle application share one or more virtual settings. 

14. The system of claim 1 , further comprising a device driver monitor that receives 
instructions at the time of installation for a particular application. 

15. The system of claim 1 , further comprising a virtual Windows Registry component to 
provide a full function registry to an application, but prevent mothfication to the 
underlying system registry. 
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16, The system of claim 1, wherein the operating system abstraction and protection hryer 
responds with a key and its value if said key and value are stared within the operating 
system abstraction and protection layer, if not stored, the operating system abstraction 
and protection layer allows the request to pass through to the Windows Registry. 

17. The system of claim 1 6, wherein if an attempt is nude to modify the value of said 
key, the operating system abstraction and protection layer allows the modification to 
occur to itself only. 
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